groups: only the local groups of a user can be set

Girish Ramakrishnan
2024-02-28 15:55:54 +01:00
parent e26f71b603
commit 18a680a85b
4 changed files with 34 additions and 26 deletions
+14 -17
@@ -18,17 +18,17 @@ exports = module.exports = {
removeMember,
isMember,
setMembership,
getMembership,
setLocalMembership,
resetSource,
resetSource
// exported for testing
_getMembership: getMembership
};
const assert = require('assert'),
BoxError = require('./boxerror.js'),
constants = require('./constants.js'),
database = require('./database.js'),
externalLdap = require('./externalldap.js'),
safe = require('safetydance'),
uuid = require('uuid');
@@ -156,26 +156,23 @@ async function getMembership(userId) {
return result.map(function (r) { return r.groupId; });
}
async function setMembership(user, groupIds) {
assert.strictEqual(typeof user, 'object');
assert(Array.isArray(groupIds));
async function setLocalMembership(user, localGroupIds) {
assert.strictEqual(typeof user, 'object'); // can be local or external
assert(Array.isArray(localGroupIds));
for (const groupId of groupIds) {
// ensure groups are actually local
for (const groupId of localGroupIds) {
const group = await get(groupId);
if (!group) throw new BoxError(BoxError.NOT_FOUND, `Group ${groupId} not found`);
if (group.source) throw new BoxError(BoxError.BAD_STATE, 'Cannot set members of external group');
}
if (user.source === 'ldap') {
const config = await externalLdap.getConfig();
if (config.syncGroups) throw new BoxError(BoxError.BAD_STATE, 'Cannot set groups of external user when syncing groups');
}
let queries = [ ];
queries.push({ query: 'DELETE from groupMembers WHERE userId = ?', args: [ user.id ] });
groupIds.forEach(function (gid) {
const queries = [];
// a remote user may already be part of some external groups. do not clear those because remote groups are non-editable
queries.push({ query: 'DELETE FROM groupMembers WHERE userId = ? AND groupId IN (SELECT id FROM userGroups WHERE source = ?)', args: [ user.id, '' ] });
for (const gid of localGroupIds) {
queries.push({ query: 'INSERT INTO groupMembers (groupId, userId) VALUES (? , ?)', args: [ gid, user.id ] });
});
}
const [error] = await safe(database.transaction(queries));
if (error && error.code === 'ER_NO_REFERENCED_ROW_2') throw new BoxError(BoxError.NOT_FOUND, 'Group not found');
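Review bot: The locality check in the `for` loop and the new `DELETE` do not share one definition of a local group: the loop accepts any falsy `group.source`, while the subquery matches only `source = ''`. If `userGroups.source` can ever be NULL (the schema is not visible here), a membership in such a group passes validation on insert but is never cleared by a later call, so the user would keep that group and whatever access it grants after it was meant to be removed. Either test `group.source !== ''` in the loop or widen the subquery to `WHERE source = ? OR source IS NULL`, and add a test that removes a local group from an external user. The check also runs before, not inside, `database.transaction(queries)`, so a group that becomes external between `get()` and the transaction is not caught. The body of `setLocalMembership` continues past the end of this hunk.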